Rudy Giuliani's Paranoid Nonsense Tweet Is A Good Reminder That We Need Actual Cybersecurity Experts In Government

from the what-the-actual-fuck dept

Rudy Giuliani may have built up a reputation for himself as "America's Mayor" but the latest chapters in his life seem to be a mad dash to undo whatever shred of goodwill or credibility he might have left. Politics watchers will know that he's been acting as the President's lawyer, in which (as far as I can tell) his main job is to go on TV news programs and reveal stuff no lawyer should reveal. But, we shouldn't forget Giuliani's previous jobs. His earlier firm, Giuliani Partners, had a subsidiary called Giuliani Security that at least at one time claimed to do "cybersecurity." Of course, when the press explored what that actually meant, it was fairly limited.

"If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber," a cybersecurity executive in New York who has experience with Giuliani Security and Safety and requested to remain anonymous told Motherboard. "Basically, not to prevent a Target [breach], but how to prevent a Target CEO being fired."

Yesterday, Giuliani made clear just how incredibly ignorant he is of the basic functioning of the internet. As I type this these tweets are still up, but I'll post a screenshot on the assumption that someday, someone with actual knowledge will get to Giuliani and convince him to take these tweets down:

There's a lot going on here, so if you haven't been following all of this, it may take a bit to unpack. The first tweet references Mueller's recent filings against Paul Manafort, Trump's former campaign boss, for lying (again) to the Special Counsel's Office. Giuliani is making a weird unfounded claim that Mueller is specifically timing his indictments to times when the President is about to leave town for international gatherings. Considering the number of indictments that Mueller drops -- most of which don't happen when Trump is about to travel to meet foreign world leaders -- this already feels like ridiculous conspiracy mongering.

Within that tweet, Giuliani appears to make a few typos -- specifically forgetting to put a space after the period of a couple of sentences. The first time this happened, the sentence ended with "G-20." The next sentence begins "In". However, because (1) the lack of a period mushes these together as "G-20.In" and (2) because ".in" is the top level domain for India, Twitter interpreted that as a link to the website g-20.in. Some bright, enterprising person then registered such a website and posted an anti-Trump message to it, specifically this:

Whoever set up that site has since added a news update concerning Mueller's recent sentencing recommendations for Trump's former National Security Advisor Michael Flynn, who was among the first brought down by Mueller.

Lots of people were mocking supposed "cybersecurity expert" Giuliani for accidentally posting such a link and opening himself up to such a thing. But last night Giuliani decided to take the nonsense to extreme levels of nonsense, accusing "cardcarrying anti-Trumpers" at Twitter of allowing "someone to invade" his tweet to insert that link. His "evidence" for this was the fact that the second time in that same tweet where he made the same "no space after a period" typo -- creating "Helsinki.Either" -- it did not turn into a link. And... as basically anyone who has even the most rudimentary understanding of the internet (clearly not including cybersecurity expert Rudy Giuliani), the reason there is no link for that is because ".either" is not (yet) a top level domain, and thus Twitter's systems don't see it as a link and don't automatically link it.

The rest of the internet has been having lots of fun with this, mocking Giuliani, and I'm amazed that the tweet has stayed up for as long as it has. Twitter was even forced to issue a statement denying any foul play:

A spokesperson told Fortune that the company’s “service worked as designed.” The spokesperson added that whenever someone tweets a Web address, a clickable link is automatically created.

“Any suggestion that we artificially injected something into the user’s account is false,” the spokesperson said.

And while it may be fun to mock such utter incompetence put on display for the world, this really does highlight a serious problem. The lack of knowledgeable people about real online security issues in the government -- especially when computer security issues are so vital to almost everything these days -- is a real problem. We can laugh about "cybersecurity advisor" and "expert" Rudy Giuliani not understanding how top level domains and links work, but then we should be terrified to think that... who the hell is actually advising the administration on very serious issues regarding internet security, at a time when tons of entities, from lowly criminals to aggressive nationstates, are using the network to mount various attacks.

And, yes, there are actually a number of other people in the government who do truly understand this stuff. But over and over again it appears that the people appointed to the highest levels concerning these things have no clue. And that's a big deal, because computer security issues aren't something you just pick up with a crash course. They're complex and challenging and require a pretty deep level of knowledge to actually understand both the threats and the possible remedies. And, when the administration's top cybersecurity adviser freaks out because he doesn't know what a top level domain is... that should worry us all.

I'm fairly sure that they'd be just as mocking of somebody so obviously clueless about the specific job they were hired for, no matter which party they belonged to. The fact that only one party seems to be doing such things does not indicate bias when it's reported.